755 matches found
Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
EUVD-2026-42489
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-15118
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-15118
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-15118
CVE-2026-15118 describes a Use-After-Free in Chrome’s Input component affecting Google Chrome versions prior to 150.0.7871.115. A remote attacker could exploit this via a crafted HTML page to execute arbitrary code within the browser sandbox. The Chrome advisories and related sources confirm the ...
GHSA-M982-7Q3H-R784 Open Babel has out-of-bounds read in PQS lowerit (pre-buffer read)
Summary A memory-safety vulnerability in Open Babel's PQS parser caused an out-of-bounds pre-buffer read when reading a crafted input file. Details The flaw was in the lowerit helper used by the PQS parser. A malformed input caused the helper to read one or more bytes before the start of its inpu...
Linux Distros Unpatched Vulnerability : CVE-2026-13866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to...
CVE-2026-14031
CVE-2026-14031 corresponds to an Inappropriate implementation in Google Chrome’s File Input component, allowing a remote attacker to perform UI spoofing through a crafted HTML page. Affected software: Google Chrome (and Chromium-based components) with versions prior to 150.0.7871.47. Root cause (...
CVE-2026-8403
CVE-2026-8403 describes a Stored XSS in Eksagate SYSGUARD 6001 (2.0.2 before 6.1.4.0). The vulnerability stems from improper neutralization of input during web page generation. Affected product is SYSGUARD 6001; vendor is not supported per notes. CVSSv3.1 base score 6.1 (MEDIUM) with Network atta...
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-50876
A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Chromium: CVE-2026-10959 Use after free in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-11228
Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Chromium: CVE-2026-11160 Out of bounds read in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-11293
Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-11160
Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11293
CVE-2026-11293 affects Google Chrome (desktop) with Chromium, involving a use-after-free in Input that could allow a remote attacker to potentially escape the sandbox via a crafted HTML page. The issue references Chrome versions prior to 149.0.7827.53 and indicates the vulnerability is tied to th...
CVE-2026-10959
Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2019-25737
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
CVE-2026-45431
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...